From nobody Tue Feb 10 09:10:42 2026 Received: from metis.whiteo.stw.pengutronix.de (metis.whiteo.stw.pengutronix.de [185.203.201.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C59EE299AB4 for ; Sat, 10 Jan 2026 17:29:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.203.201.7 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768066194; cv=none; b=Pu5AQlnRg0HSAmLP/ACxht72TaI9OQ13fgFqiDPqEGhLwyLWJ3G0mVzFpHNT3W+TCxmWDryx8E7RAMcU4fhzefI8UJMFXz3/bbJJLLaVYMf/+yLgidRHGIrPWYDDvUHOgS/dCw/MiSOcM/HKN6dZDfqlFbkSUUzIDFJI622hgtc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768066194; c=relaxed/simple; bh=koysSqIyAprpgVYcIbn8PnOX0DFwnfb5nrK0mnVJAAg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=suCAO/AGQb2a2yIA4VQEOAyiRd0q7HVhYv1mSckeK0aRfVx7m/AwaPVeTX5rx9vjqGkIpmB0CexGMkYYdppkwuPZ1F5pterALBL8TYD6LUyPXa0xnkMDje+Z5H1aSVAo6EhodGBlwBj5YjFO24En8jMvNMu2VDNOZi9r1xSyVlo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=pengutronix.de; spf=pass smtp.mailfrom=pengutronix.de; arc=none smtp.client-ip=185.203.201.7 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=pengutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pengutronix.de Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1vecm7-0004Jf-43; Sat, 10 Jan 2026 18:29:19 +0100 Received: from moin.white.stw.pengutronix.de ([2a0a:edc0:0:b01:1d::7b] helo=bjornoya.blackshift.org) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vecm6-00AEGV-2T; Sat, 10 Jan 2026 18:29:18 +0100 Received: from hardanger.blackshift.org (unknown [IPv6:2a03:2260:2009::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: mkl-all@blackshift.org) by smtp.blackshift.org (Postfix) with ESMTPSA id D930D4CA207; Sat, 10 Jan 2026 17:29:17 +0000 (UTC) From: Marc Kleine-Budde Date: Sat, 10 Jan 2026 18:28:55 +0100 Subject: [PATCH can 4/5] can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260110-can_usb-fix-memory-leak-v1-4-4a7c082a7081@pengutronix.de> References: <20260110-can_usb-fix-memory-leak-v1-0-4a7c082a7081@pengutronix.de> In-Reply-To: <20260110-can_usb-fix-memory-leak-v1-0-4a7c082a7081@pengutronix.de> To: Vincent Mailhol , Wolfgang Grandegger , Sebastian Haas , "David S. Miller" , Frank Jungclaus , socketcan@esd.eu, Yasushi SHOJI , Daniel Berglund , Olivier Sobrie , =?utf-8?q?Remigiusz_Ko=C5=82=C5=82=C4=85taj?= , Bernd Krumboeck Cc: kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Kleine-Budde , stable@vger.kernel.org X-Mailer: b4 0.15-dev-47773 X-Developer-Signature: v=1; a=openpgp-sha256; l=1617; i=mkl@pengutronix.de; h=from:subject:message-id; bh=koysSqIyAprpgVYcIbn8PnOX0DFwnfb5nrK0mnVJAAg=; b=owEBbQGS/pANAwAKAQx0Zd/5kJGcAcsmYgBpYoxmG24G6TxcPw4xtDSUp6kZ2WwerLowtWsQT iaG32saY3CJATMEAAEKAB0WIQSf+wzYr2eoX/wVbPMMdGXf+ZCRnAUCaWKMZgAKCRAMdGXf+ZCR nC+GCACRt/SO7xRRzuBE27Vk5jslFTtJs25PbFGFIJIlP1QDV/TbpVN6jYBRQdqNf6+tIDKLy0R bfuYJh9F32OyIqpq+gTvntUwcGM+tlnikWQ6+2PVqY2ckRVe8MknDi+USd/mh6orHboL/uvjvnY UqzvgAf9VWIEZIzK0mW6eUhmCh1/JTIb3JuXdxobTMCetYKxIk+NVc/F9uHHoe0vCtXZHLLX6ah cT3ZU8N3VHLD/g6Lz6IhtS6LVq5qKTXqGK9+3/vOi5iPd/Tp4iPbrH4tV/zhukBwHueZ86Y3mgB XTeVShgro94wK8nwmBh5dNPpRaB/xUO1bzeijJOMs4iKEXVU X-Developer-Key: i=mkl@pengutronix.de; a=openpgp; fpr=C1400BA0B3989E6FBC7D5B5C2B5EE211C58AEA54 X-SA-Exim-Connect-IP: 2a0a:edc0:0:c01:1d::a2 X-SA-Exim-Mail-From: mkl@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-kernel@vger.kernel.org Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In mcba_usb_probe() -> mcba_usb_start(), the URBs for USB-in transfers are allocated, added to the priv->rx_submitted anchor and submitted. In the complete callback mcba_usb_read_bulk_callback(), the URBs are processed and resubmitted. In mcba_usb_close() -> mcba_urb_unlink() the URBs are freed by calling usb_kill_anchored_urbs(&priv->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in usb_kill_anchored_urbs(). Fix the memory leak by anchoring the URB in the mcba_usb_read_bulk_callback()to the priv->rx_submitted anchor. Fixes: 51f3baad7de9 ("can: mcba_usb: Add support for Microchip CAN BUS Anal= yzer") Cc: stable@vger.kernel.org Signed-off-by: Marc Kleine-Budde --- drivers/net/can/usb/mcba_usb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/can/usb/mcba_usb.c b/drivers/net/can/usb/mcba_usb.c index 41c0a1c399bf..33d32966eb87 100644 --- a/drivers/net/can/usb/mcba_usb.c +++ b/drivers/net/can/usb/mcba_usb.c @@ -608,6 +608,8 @@ static void mcba_usb_read_bulk_callback(struct urb *urb) urb->transfer_buffer, MCBA_USB_RX_BUFF_SIZE, mcba_usb_read_bulk_callback, priv); =20 + usb_anchor_urb(urb, &priv->rx_submitted); + retval =3D usb_submit_urb(urb, GFP_ATOMIC); =20 if (retval =3D=3D -ENODEV) --=20 2.51.0